# aspect

A better messaging and chat protocol.  Building it the right way.

[rough design doc](https://tr3y.io/articles/tech/better-chat-protocol.html)

## Rough roadmap

These are handwavy milestones that I expect to change.

### Phase 1

* Prototype device identity system
* Basic MLS group setup/teardown
* Support adding/removing devices
* ZMQ or AMQP channel message streams

### Phase 2

* Protocol cleanup
* Properly authenticate user device identity graph
* Proper device attestation for homeservers
* Experiment with roaming identities?
* Replace transport auth with better system
* Homeserver push events to change group membership (use OpenMLS support for this)
* More sophisticated message structure and local channel state
* Prototype spaces?
* More homeserver administrative actions

### Phase 3

* More thorough spaces impl
* Invites
* Persistent channel data store (for custom emotes, stickers, etc.)

## Known issues

Keeping this list here so that I remember what I'm doing.

* No transport encryption, homeserver user creds are in plaintext.
* User authentication is shaky, should add some kind of session authentication to avoid resending creds and stuff.
* No connection pooling or automatic reconnect to homeservers.
* Password hashing round count is way too high for debug builds, takes 5+ seconds.
* Lots of ORM queries have `// TODO`s on them because we query more columns than we need to, that could be reduced.
* Lots of queries could be made into `JOIN`s but I don't know how to express that to SeaORM correctly.
* Lots of `Codec` serialization is "self-documenting" in the bad way (the source code is the only documentation), switch to using Stencil when it's mature enough.
